From the course: Cybersecurity Foundations: Governance, Risk, and Compliance (GRC)

GDPR

- [Instructor] May 25th, 2018 was a big day in the privacy and security compliance industry. It's the day the General Data Protection Regulation was born and started to be enforced across Europe. Let's learn what GDPR is. Look, I can't understate how monumental GDPR was, and how it modernized the laws that protect the personal information of individuals and sparked privacy conversations around the globe. GDPR is considered the world's strongest set of data protection rules, which outlines how people can access information about them and places limits on what organizations can do with personal data. The European Union says that GDPR was designed to harmonize data privacy laws across all of its member countries. GDPR is all about personal data. Any information that allows a living person to be directly or indirectly identified from available data or information is what personal data includes. There is a wide range of information considered personal data, and certain data types are given greater protections, including the items shown on the screen. GDPR puts businesses into two buckets: controllers and processors. Controllers are the main decision makers. They have the control over the data you provide in the system. They're the businesses you'd reach out to to update, delete, or add your personal data. Processors have requirements under GDPR as well, but they act on behalf of and only on the instructions of the relevant controller. Controllers have stricter obligations under GDPR than processors. GDPR is a European law, but it applies to businesses outside the EU. It applies to businesses in places like the US, so GRC professionals in the United States and other non-EU countries must understand that GDPR is relevant to their organization and ensure they are compliant. The full text of GDPR is massive. There are almost 99 individual articles, and it can be really tough to understand. There are seven principles that GDPR lays out in Article 5 of the legislation.
These principles are designed to guide how you handle personal data. They aren't prescriptive rules, but more of a framework designed to lay out the purpose of GDPR. If you're getting started with GDPR, I would start in Article 5. That's where you'll find a lot of the details on these principles and quickly understand how to apply GDPR to your organization. These seven principles are lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability. Look, GDPR is a serious law, and the consequences of being noncompliant are potentially large fines and severe reputational damage. We've seen a number of privacy laws built on the success of GDPR, and I think we will continue to see the privacy and security compliance space grow because of the initial work of GDPR. You, as a GRC professional, must understand what GDPR is, and continually assess if it applies to your company.